🔒 Move the administration dashboard to a subdomain

app/controllers/dashboard/dashboard_controller.rb

@@ -1,5 +1,7 @@
 class Dashboard::DashboardController < ApplicationController
 
+  before_action :authenticate_user!
+
   def index
     @videos = Video.count
     @playlists = Playlist.count

app/views/layouts/dashboard/_header.html.erb

@@ -18,7 +18,8 @@
           <%= navigation_link t('.users'), [:dashboard, :users] %>
         </ul>
         <ul class="nav navbar-nav navbar-right">
-          <li><%= link_to t('.view_site'), root_path %></li>
+          <li class="navbar-text hidden-xs"><%= current_user.email %></li>
+          <li><%= link_to t('.view_site'), root_url(subdomain: nil), target: :blank %></li>
           <li><%= link_to t('.log_out'), destroy_user_session_path %></li>
         </ul>
       </div>

config/initializers/session_store.rb

@@ -1,3 +1,3 @@
 # Be sure to restart your server when you modify this file.
 
-Rails.application.config.session_store :cookie_store, key: '_makigas_session'
+Rails.application.config.session_store :cookie_store, key: '_makigas_session', secure: Rails.env.production?

config/routes.rb

@@ -1,20 +1,13 @@
 Rails.application.routes.draw do
-  # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
-
   # Application error routes
   get '/404', to: 'error#not_found', via: :all
   get '/422', to: 'error#unprocessable_entity', via: :all
   get '/500', to: 'error#internal_server_error', via: :all
 
-  devise_for :users, controllers: {
-    sessions: 'users/sessions',
-    passwords: 'users/passwords'
-  }
-  root to: 'front#index'
-
-  # Routes for the dashboard
-  authenticate :user do
-    namespace :dashboard do
+  # Dashboard routes
+  constraints subdomain: 'dashboard' do
+    devise_for :users, controllers: { sessions: 'users/sessions', passwords: 'users/passwords' }
+    namespace :dashboard, path: '' do
       root to: 'dashboard#index', as: ''
       resources :topics
       resources :videos, only: [:index, :new, :create]
@@ -29,18 +22,19 @@
     end
   end
 
-  get :terms, to: 'pages#terms'
-  get :privacy, to: 'pages#privacy'
-  get :disclaimer, to: 'pages#disclaimer'
-  get :cookies, to: 'pages#cookies'
-
+  # Main application routes
+  root to: 'front#index'
+  resources :topics, only: [:index, :show], constraints: { format: :html }
   resources :videos, only: :index, constraints: { format: :html }
   resources :playlists, path: 'series', only: [:index, :show], constraints: { format: :html } do
     resources :videos, path: '/', only: [:show], constraints: { format: :html }
   end
-  resources :topics, only: [:index, :show], constraints: { format: :html }
+  get :terms, to: 'pages#terms'
+  get :privacy, to: 'pages#privacy'
+  get :disclaimer, to: 'pages#disclaimer'
+  get :cookies, to: 'pages#cookies'
 
-  # Redirect old routes.
+  # Legacy routes (redirect only).
   get '/videos/:topic/:playlist/episodio/:video' => redirect('/series/%{playlist}/%{video}')
   get '/videos/:topic/:playlist' => redirect('/series/%{playlist}')
   get '/videos/:playlist' => redirect('/series/%{playlist}')

spec/features/dashboard/dashboard_spec.rb

@@ -0,0 +1,20 @@
+require 'rails_helper'
+
+RSpec.feature "Dashboard", type: :feature do
+  before { Capybara.default_host = "http://dashboard.example.com" }
+  after { Capybara.default_host = "http://www.example.com" }
+
+  context "when not logged in" do
+    it "should not be success" do
+      visit dashboard_path
+      expect(page.current_path).not_to eq dashboard_topics_path
+    end
+  end
+
+  context "when logged in" do
+    it "should be success" do
+      visit dashboard_path
+      expect(page.status_code).to eq 200
+    end
+  end
+end

spec/features/dashboard/opinions_spec.rb

@@ -1,6 +1,9 @@
 require 'rails_helper'
 
 RSpec.feature "Dashboard opinions", type: :feature do
+  before { Capybara.default_host = "http://dashboard.example.com" }
+  after { Capybara.default_host = "http://www.example.com" }
+
   context "when not logged in" do
     it "should not be success" do
       visit dashboard_opinions_path

spec/features/dashboard/playlist_videos_spec.rb

@@ -1,6 +1,9 @@
 require 'rails_helper'
 
 RSpec.feature "Dashboard playlist videos", type: :feature do
+  before { Capybara.default_host = "http://dashboard.example.com" }
+  after { Capybara.default_host = "http://www.example.com" }
+
   before(:each) {
     @playlist = FactoryGirl.create(:playlist)
     @videos = [

spec/features/dashboard/playlists_spec.rb

@@ -1,6 +1,9 @@
 require 'rails_helper'
 
 RSpec.feature "Dashboard playlists", type: :feature do
+  before { Capybara.default_host = "http://dashboard.example.com" }
+  after { Capybara.default_host = "http://www.example.com" }
+
   context "when not logged in" do
     it "should not be success" do
       visit dashboard_playlists_path

spec/features/dashboard/topics_spec.rb

@@ -1,6 +1,9 @@
 require 'rails_helper'
 
 RSpec.feature "Dashboard topics", type: :feature do
+  before { Capybara.default_host = "http://dashboard.example.com" }
+  after { Capybara.default_host = "http://www.example.com" }
+
   context "when not logged in" do
     it "should not be success" do
       visit dashboard_topics_path

spec/features/dashboard/videos_spec.rb

@@ -1,6 +1,9 @@
 require 'rails_helper'
 
 RSpec.feature "Dashboard videos", type: :feature do
+  before { Capybara.default_host = "http://dashboard.example.com" }
+  after { Capybara.default_host = "http://www.example.com" }
+
   context "when not logged in" do
     it "should not be success" do
       visit dashboard_videos_path
@@ -59,6 +62,8 @@
         click_button 'Crear Vídeo'
       }.to change { Video.count }.by 1
 
+      # Test the video does not appear
+      Capybara.default_host = "http://www.example.com"
       visit root_path
       within '.recent-videos' do
         expect(page).not_to have_link 'My video title'